aboutsummaryrefslogtreecommitdiff
path: root/vendor/github.com/docker
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2022-02-03 18:33:22 -0500
committerDaniel J Walsh <dwalsh@redhat.com>2022-02-03 18:33:22 -0500
commit1d1b2b1509646e07ab4a984c7622fa002a0fcdb7 (patch)
treefd4078e58bc9ab0b6c2ef1938017ce5844f97744 /vendor/github.com/docker
parent608b6142edb7a4e179ce6d2ae69707be28f29359 (diff)
downloadpodman-1d1b2b1509646e07ab4a984c7622fa002a0fcdb7.tar.gz
podman-1d1b2b1509646e07ab4a984c7622fa002a0fcdb7.tar.bz2
podman-1d1b2b1509646e07ab4a984c7622fa002a0fcdb7.zip
Update containers/buildah v1.24.1
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'vendor/github.com/docker')
-rw-r--r--vendor/github.com/docker/go-connections/nat/nat.go28
-rw-r--r--vendor/github.com/docker/go-connections/nat/sort.go4
-rw-r--r--vendor/github.com/docker/go-connections/sockets/proxy.go39
-rw-r--r--vendor/github.com/docker/go-connections/sockets/sockets.go12
-rw-r--r--vendor/github.com/docker/go-connections/sockets/sockets_unix.go13
-rw-r--r--vendor/github.com/docker/go-connections/sockets/sockets_windows.go5
-rw-r--r--vendor/github.com/docker/go-connections/sockets/unix_socket.go116
-rw-r--r--vendor/github.com/docker/go-connections/tlsconfig/config.go31
-rw-r--r--vendor/github.com/docker/go-connections/tlsconfig/versions_go113.go16
-rw-r--r--vendor/github.com/docker/go-connections/tlsconfig/versions_other.go15
10 files changed, 183 insertions, 96 deletions
diff --git a/vendor/github.com/docker/go-connections/nat/nat.go b/vendor/github.com/docker/go-connections/nat/nat.go
index bb7e4e336..296c96a63 100644
--- a/vendor/github.com/docker/go-connections/nat/nat.go
+++ b/vendor/github.com/docker/go-connections/nat/nat.go
@@ -8,11 +8,6 @@ import (
"strings"
)
-const (
- // portSpecTemplate is the expected format for port specifications
- portSpecTemplate = "ip:hostPort:containerPort"
-)
-
// PortBinding represents a binding between a Host IP address and a Host Port
type PortBinding struct {
// HostIP is the host IP Address
@@ -158,30 +153,33 @@ type PortMapping struct {
func splitParts(rawport string) (string, string, string) {
parts := strings.Split(rawport, ":")
n := len(parts)
- containerport := parts[n-1]
+ containerPort := parts[n-1]
switch n {
case 1:
- return "", "", containerport
+ return "", "", containerPort
case 2:
- return "", parts[0], containerport
+ return "", parts[0], containerPort
case 3:
- return parts[0], parts[1], containerport
+ return parts[0], parts[1], containerPort
default:
- return strings.Join(parts[:n-2], ":"), parts[n-2], containerport
+ return strings.Join(parts[:n-2], ":"), parts[n-2], containerPort
}
}
// ParsePortSpec parses a port specification string into a slice of PortMappings
func ParsePortSpec(rawPort string) ([]PortMapping, error) {
var proto string
- rawIP, hostPort, containerPort := splitParts(rawPort)
+ ip, hostPort, containerPort := splitParts(rawPort)
proto, containerPort = SplitProtoPort(containerPort)
- // Strip [] from IPV6 addresses
- ip, _, err := net.SplitHostPort(rawIP + ":")
- if err != nil {
- return nil, fmt.Errorf("Invalid ip address %v: %s", rawIP, err)
+ if ip != "" && ip[0] == '[' {
+ // Strip [] from IPV6 addresses
+ rawIP, _, err := net.SplitHostPort(ip + ":")
+ if err != nil {
+ return nil, fmt.Errorf("Invalid ip address %v: %s", ip, err)
+ }
+ ip = rawIP
}
if ip != "" && net.ParseIP(ip) == nil {
return nil, fmt.Errorf("Invalid ip address: %s", ip)
diff --git a/vendor/github.com/docker/go-connections/nat/sort.go b/vendor/github.com/docker/go-connections/nat/sort.go
index ce950171e..b6eed145e 100644
--- a/vendor/github.com/docker/go-connections/nat/sort.go
+++ b/vendor/github.com/docker/go-connections/nat/sort.go
@@ -43,7 +43,7 @@ type portMapSorter []portMapEntry
func (s portMapSorter) Len() int { return len(s) }
func (s portMapSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-// sort the port so that the order is:
+// Less sorts the port so that the order is:
// 1. port with larger specified bindings
// 2. larger port
// 3. port with tcp protocol
@@ -58,7 +58,7 @@ func (s portMapSorter) Less(i, j int) bool {
func SortPortMap(ports []Port, bindings PortMap) {
s := portMapSorter{}
for _, p := range ports {
- if binding, ok := bindings[p]; ok {
+ if binding, ok := bindings[p]; ok && len(binding) > 0 {
for _, b := range binding {
s = append(s, portMapEntry{port: p, binding: b})
}
diff --git a/vendor/github.com/docker/go-connections/sockets/proxy.go b/vendor/github.com/docker/go-connections/sockets/proxy.go
index 98e9a1dc6..c897cb02a 100644
--- a/vendor/github.com/docker/go-connections/sockets/proxy.go
+++ b/vendor/github.com/docker/go-connections/sockets/proxy.go
@@ -2,11 +2,8 @@ package sockets
import (
"net"
- "net/url"
"os"
"strings"
-
- "golang.org/x/net/proxy"
)
// GetProxyEnv allows access to the uppercase and the lowercase forms of
@@ -20,32 +17,12 @@ func GetProxyEnv(key string) string {
return proxyValue
}
-// DialerFromEnvironment takes in a "direct" *net.Dialer and returns a
-// proxy.Dialer which will route the connections through the proxy using the
-// given dialer.
-func DialerFromEnvironment(direct *net.Dialer) (proxy.Dialer, error) {
- allProxy := GetProxyEnv("all_proxy")
- if len(allProxy) == 0 {
- return direct, nil
- }
-
- proxyURL, err := url.Parse(allProxy)
- if err != nil {
- return direct, err
- }
-
- proxyFromURL, err := proxy.FromURL(proxyURL, direct)
- if err != nil {
- return direct, err
- }
-
- noProxy := GetProxyEnv("no_proxy")
- if len(noProxy) == 0 {
- return proxyFromURL, nil
- }
-
- perHost := proxy.NewPerHost(proxyFromURL, direct)
- perHost.AddFromString(noProxy)
-
- return perHost, nil
+// DialerFromEnvironment was previously used to configure a net.Dialer to route
+// connections through a SOCKS proxy.
+// DEPRECATED: SOCKS proxies are now supported by configuring only
+// http.Transport.Proxy, and no longer require changing http.Transport.Dial.
+// Therefore, only sockets.ConfigureTransport() needs to be called, and any
+// sockets.DialerFromEnvironment() calls can be dropped.
+func DialerFromEnvironment(direct *net.Dialer) (*net.Dialer, error) {
+ return direct, nil
}
diff --git a/vendor/github.com/docker/go-connections/sockets/sockets.go b/vendor/github.com/docker/go-connections/sockets/sockets.go
index a1d7beb4d..2e9e9006f 100644
--- a/vendor/github.com/docker/go-connections/sockets/sockets.go
+++ b/vendor/github.com/docker/go-connections/sockets/sockets.go
@@ -3,14 +3,9 @@ package sockets
import (
"errors"
- "net"
"net/http"
- "time"
)
-// Why 32? See https://github.com/docker/docker/pull/8035.
-const defaultTimeout = 32 * time.Second
-
// ErrProtocolNotAvailable is returned when a given transport protocol is not provided by the operating system.
var ErrProtocolNotAvailable = errors.New("protocol not available")
@@ -26,13 +21,6 @@ func ConfigureTransport(tr *http.Transport, proto, addr string) error {
return configureNpipeTransport(tr, proto, addr)
default:
tr.Proxy = http.ProxyFromEnvironment
- dialer, err := DialerFromEnvironment(&net.Dialer{
- Timeout: defaultTimeout,
- })
- if err != nil {
- return err
- }
- tr.Dial = dialer.Dial
}
return nil
}
diff --git a/vendor/github.com/docker/go-connections/sockets/sockets_unix.go b/vendor/github.com/docker/go-connections/sockets/sockets_unix.go
index 386cf0dbb..10d763426 100644
--- a/vendor/github.com/docker/go-connections/sockets/sockets_unix.go
+++ b/vendor/github.com/docker/go-connections/sockets/sockets_unix.go
@@ -3,6 +3,7 @@
package sockets
import (
+ "context"
"fmt"
"net"
"net/http"
@@ -10,7 +11,10 @@ import (
"time"
)
-const maxUnixSocketPathSize = len(syscall.RawSockaddrUnix{}.Path)
+const (
+ defaultTimeout = 10 * time.Second
+ maxUnixSocketPathSize = len(syscall.RawSockaddrUnix{}.Path)
+)
func configureUnixTransport(tr *http.Transport, proto, addr string) error {
if len(addr) > maxUnixSocketPathSize {
@@ -18,8 +22,11 @@ func configureUnixTransport(tr *http.Transport, proto, addr string) error {
}
// No need for compression in local communications.
tr.DisableCompression = true
- tr.Dial = func(_, _ string) (net.Conn, error) {
- return net.DialTimeout(proto, addr, defaultTimeout)
+ dialer := &net.Dialer{
+ Timeout: defaultTimeout,
+ }
+ tr.DialContext = func(ctx context.Context, _, _ string) (net.Conn, error) {
+ return dialer.DialContext(ctx, proto, addr)
}
return nil
}
diff --git a/vendor/github.com/docker/go-connections/sockets/sockets_windows.go b/vendor/github.com/docker/go-connections/sockets/sockets_windows.go
index 5c21644e1..7acafc5a2 100644
--- a/vendor/github.com/docker/go-connections/sockets/sockets_windows.go
+++ b/vendor/github.com/docker/go-connections/sockets/sockets_windows.go
@@ -1,6 +1,7 @@
package sockets
import (
+ "context"
"net"
"net/http"
"time"
@@ -15,8 +16,8 @@ func configureUnixTransport(tr *http.Transport, proto, addr string) error {
func configureNpipeTransport(tr *http.Transport, proto, addr string) error {
// No need for compression in local communications.
tr.DisableCompression = true
- tr.Dial = func(_, _ string) (net.Conn, error) {
- return DialPipe(addr, defaultTimeout)
+ tr.DialContext = func(ctx context.Context, _, _ string) (net.Conn, error) {
+ return winio.DialPipeContext(ctx, addr)
}
return nil
}
diff --git a/vendor/github.com/docker/go-connections/sockets/unix_socket.go b/vendor/github.com/docker/go-connections/sockets/unix_socket.go
index a8b5dbb6f..e7591e6ed 100644
--- a/vendor/github.com/docker/go-connections/sockets/unix_socket.go
+++ b/vendor/github.com/docker/go-connections/sockets/unix_socket.go
@@ -1,5 +1,51 @@
// +build !windows
+/*
+Package sockets is a simple unix domain socket wrapper.
+
+Usage
+
+For example:
+
+ import(
+ "fmt"
+ "net"
+ "os"
+ "github.com/docker/go-connections/sockets"
+ )
+
+ func main() {
+ l, err := sockets.NewUnixSocketWithOpts("/path/to/sockets",
+ sockets.WithChown(0,0),sockets.WithChmod(0660))
+ if err != nil {
+ panic(err)
+ }
+ echoStr := "hello"
+
+ go func() {
+ for {
+ conn, err := l.Accept()
+ if err != nil {
+ return
+ }
+ conn.Write([]byte(echoStr))
+ conn.Close()
+ }
+ }()
+
+ conn, err := net.Dial("unix", path)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ buf := make([]byte, 5)
+ if _, err := conn.Read(buf); err != nil {
+ panic(err)
+ } else if string(buf) != echoStr {
+ panic(fmt.Errorf("Msg may lost"))
+ }
+ }
+*/
package sockets
import (
@@ -8,25 +54,73 @@ import (
"syscall"
)
-// NewUnixSocket creates a unix socket with the specified path and group.
-func NewUnixSocket(path string, gid int) (net.Listener, error) {
+// SockOption sets up socket file's creating option
+type SockOption func(string) error
+
+// WithChown modifies the socket file's uid and gid
+func WithChown(uid, gid int) SockOption {
+ return func(path string) error {
+ if err := os.Chown(path, uid, gid); err != nil {
+ return err
+ }
+ return nil
+ }
+}
+
+// WithChmod modifies socket file's access mode.
+func WithChmod(mask os.FileMode) SockOption {
+ return func(path string) error {
+ if err := os.Chmod(path, mask); err != nil {
+ return err
+ }
+ return nil
+ }
+}
+
+// NewUnixSocketWithOpts creates a unix socket with the specified options.
+// By default, socket permissions are 0000 (i.e.: no access for anyone); pass
+// WithChmod() and WithChown() to set the desired ownership and permissions.
+//
+// This function temporarily changes the system's "umask" to 0777 to work around
+// a race condition between creating the socket and setting its permissions. While
+// this should only be for a short duration, it may affect other processes that
+// create files/directories during that period.
+func NewUnixSocketWithOpts(path string, opts ...SockOption) (net.Listener, error) {
if err := syscall.Unlink(path); err != nil && !os.IsNotExist(err) {
return nil, err
}
- mask := syscall.Umask(0777)
- defer syscall.Umask(mask)
+ // net.Listen does not allow for permissions to be set. As a result, when
+ // specifying custom permissions ("WithChmod()"), there is a short time
+ // between creating the socket and applying the permissions, during which
+ // the socket permissions are Less restrictive than desired.
+ //
+ // To work around this limitation of net.Listen(), we temporarily set the
+ // umask to 0777, which forces the socket to be created with 000 permissions
+ // (i.e.: no access for anyone). After that, WithChmod() must be used to set
+ // the desired permissions.
+ //
+ // We don't use "defer" here, to reset the umask to its original value as soon
+ // as possible. Ideally we'd be able to detect if WithChmod() was passed as
+ // an option, and skip changing umask if default permissions are used.
+ origUmask := syscall.Umask(0777)
l, err := net.Listen("unix", path)
+ syscall.Umask(origUmask)
if err != nil {
return nil, err
}
- if err := os.Chown(path, 0, gid); err != nil {
- l.Close()
- return nil, err
- }
- if err := os.Chmod(path, 0660); err != nil {
- l.Close()
- return nil, err
+
+ for _, op := range opts {
+ if err := op(path); err != nil {
+ _ = l.Close()
+ return nil, err
+ }
}
+
return l, nil
}
+
+// NewUnixSocket creates a unix socket with the specified path and group.
+func NewUnixSocket(path string, gid int) (net.Listener, error) {
+ return NewUnixSocketWithOpts(path, WithChown(0, gid), WithChmod(0660))
+}
diff --git a/vendor/github.com/docker/go-connections/tlsconfig/config.go b/vendor/github.com/docker/go-connections/tlsconfig/config.go
index 0ef3fdcb4..992968373 100644
--- a/vendor/github.com/docker/go-connections/tlsconfig/config.go
+++ b/vendor/github.com/docker/go-connections/tlsconfig/config.go
@@ -53,18 +53,9 @@ var acceptedCBCCiphers = []uint16{
// known weak algorithms removed.
var DefaultServerAcceptedCiphers = append(clientCipherSuites, acceptedCBCCiphers...)
-// allTLSVersions lists all the TLS versions and is used by the code that validates
-// a uint16 value as a TLS version.
-var allTLSVersions = map[uint16]struct{}{
- tls.VersionSSL30: {},
- tls.VersionTLS10: {},
- tls.VersionTLS11: {},
- tls.VersionTLS12: {},
-}
-
// ServerDefault returns a secure-enough TLS configuration for the server TLS configuration.
func ServerDefault(ops ...func(*tls.Config)) *tls.Config {
- tlsconfig := &tls.Config{
+ tlsConfig := &tls.Config{
// Avoid fallback by default to SSL protocols < TLS1.2
MinVersion: tls.VersionTLS12,
PreferServerCipherSuites: true,
@@ -72,25 +63,25 @@ func ServerDefault(ops ...func(*tls.Config)) *tls.Config {
}
for _, op := range ops {
- op(tlsconfig)
+ op(tlsConfig)
}
- return tlsconfig
+ return tlsConfig
}
// ClientDefault returns a secure-enough TLS configuration for the client TLS configuration.
func ClientDefault(ops ...func(*tls.Config)) *tls.Config {
- tlsconfig := &tls.Config{
+ tlsConfig := &tls.Config{
// Prefer TLS1.2 as the client minimum
MinVersion: tls.VersionTLS12,
CipherSuites: clientCipherSuites,
}
for _, op := range ops {
- op(tlsconfig)
+ op(tlsConfig)
}
- return tlsconfig
+ return tlsConfig
}
// certPool returns an X.509 certificate pool from `caFile`, the certificate file.
@@ -108,11 +99,11 @@ func certPool(caFile string, exclusivePool bool) (*x509.CertPool, error) {
return nil, fmt.Errorf("failed to read system certificates: %v", err)
}
}
- pem, err := ioutil.ReadFile(caFile)
+ pemData, err := ioutil.ReadFile(caFile)
if err != nil {
return nil, fmt.Errorf("could not read CA certificate %q: %v", caFile, err)
}
- if !certPool.AppendCertsFromPEM(pem) {
+ if !certPool.AppendCertsFromPEM(pemData) {
return nil, fmt.Errorf("failed to append certificates from PEM file: %q", caFile)
}
return certPool, nil
@@ -141,7 +132,7 @@ func adjustMinVersion(options Options, config *tls.Config) error {
}
// IsErrEncryptedKey returns true if the 'err' is an error of incorrect
-// password when tryin to decrypt a TLS private key
+// password when trying to decrypt a TLS private key
func IsErrEncryptedKey(err error) bool {
return errors.Cause(err) == x509.IncorrectPasswordError
}
@@ -157,8 +148,8 @@ func getPrivateKey(keyBytes []byte, passphrase string) ([]byte, error) {
}
var err error
- if x509.IsEncryptedPEMBlock(pemBlock) {
- keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(passphrase))
+ if x509.IsEncryptedPEMBlock(pemBlock) { //nolint:staticcheck // Ignore SA1019 (IsEncryptedPEMBlock is deprecated)
+ keyBytes, err = x509.DecryptPEMBlock(pemBlock, []byte(passphrase)) //nolint:staticcheck // Ignore SA1019 (DecryptPEMBlock is deprecated)
if err != nil {
return nil, errors.Wrap(err, "private key is encrypted, but could not decrypt it")
}
diff --git a/vendor/github.com/docker/go-connections/tlsconfig/versions_go113.go b/vendor/github.com/docker/go-connections/tlsconfig/versions_go113.go
new file mode 100644
index 000000000..d8215f8e7
--- /dev/null
+++ b/vendor/github.com/docker/go-connections/tlsconfig/versions_go113.go
@@ -0,0 +1,16 @@
+// +build go1.13
+
+package tlsconfig
+
+import (
+ "crypto/tls"
+)
+
+// allTLSVersions lists all the TLS versions and is used by the code that validates
+// a uint16 value as a TLS version.
+var allTLSVersions = map[uint16]struct{}{
+ tls.VersionTLS10: {},
+ tls.VersionTLS11: {},
+ tls.VersionTLS12: {},
+ tls.VersionTLS13: {},
+}
diff --git a/vendor/github.com/docker/go-connections/tlsconfig/versions_other.go b/vendor/github.com/docker/go-connections/tlsconfig/versions_other.go
new file mode 100644
index 000000000..a5ba7f4a3
--- /dev/null
+++ b/vendor/github.com/docker/go-connections/tlsconfig/versions_other.go
@@ -0,0 +1,15 @@
+// +build !go1.13
+
+package tlsconfig
+
+import (
+ "crypto/tls"
+)
+
+// allTLSVersions lists all the TLS versions and is used by the code that validates
+// a uint16 value as a TLS version.
+var allTLSVersions = map[uint16]struct{}{
+ tls.VersionTLS10: {},
+ tls.VersionTLS11: {},
+ tls.VersionTLS12: {},
+}